Problem only occurs if "Allow user to initiate password change" is disabled in password policy settings.

Resolution

1. Verify that universal password has been enabled for the users, and

2. In the password policy settings, set "Allow user to initiate password change" to "enabled".

Additional Information

If the user has logged in with a smart card and SecureLogin is configured to use network credentials when logging in to an application, SecureLogin uses the NMAS_C32PwdStatus API to read the universal password. The API NMAS­_C32PwdStatus is used both to read and to change the universal password. Novell does not have separtate APIs for read password vs change password. If users are not allowed to change their password, they are also not allowed to read it. This is working as designed.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.